This is the first Draft for the ASL 3.0 Release candidate which we should be releasing shortly. I'm sure I missed things in this!

Changelog: ASL 3.0.0-0.rc1 Release Candidate #1

+ support for Cloudlinux 5
+ support for Scientific Linux 5 & 6
+ support for Red Hat Enterprise Linux 6
+ support for Xen virtualization (as a guest OS)
+ support for directadmin environments
+ support for cpanel environments

+ WAF (Web Application Firewall) Rule Management, rules can now be enabled/disabled globally or by virtual domain. Additionally rules can now be set at different severity levels, and have their base response policy elements modified to include shunning, email alerts, and logging.

+ Repeat Offender blocking, block times will now increase based on a user defined setting (Default x2 of block time) each time they return.

+ File Integrity management system:
  * Interface allows for list or tree view sorting.
  * "Notify" lists, this allows notifications to be sent to different email addresses for change alerts to different files.
  * "Watch" configuration, allows for the definition of what files or directories the system will monitor for changes. Configuration options allow for real-time monitoring, user/group ownership changes, permissions, checksum, and diff reporting. Diff reporting will include the changes made to the file in the body of the alert message for ascii files.
  * "Ignore" lists, allows for files or directories to be explicitly ignored from monitoring.

+ Reports, this is the first phase of the report manager, it currently includes reports for:
  * Failed logins in the last 24 hours, 72 hours, and 30 days
  * Top Stats; Events by Level, Alerts in the last 24 hours, and Top alerts in the full history
  * Top Web Attackers in the last 24 hours, and the total number of attacks in the last 7 days

+ ASL Web User Manager:
  * Role Based Access control for ASL Web Users
  * Audits logins by ASL Web users
  * Role Manager allows for setting what components an ASL Web user can have access to. Including View Only and Modify options

= ASL Web, asl-web-setup has been retired, by default the ASL Username & Password will be the login to ASL Web.
= ASL Web, rule IDs are now linked to documentation
= All http connections that include the ASL username & password have been converted to https.
= HIDS now uses a directory based rule management structure similar to the apache conf.d design.
= Updated psa_check to look for Vulnerability SA42052 in psa-proftpd
= Added Vulnerability data for http://secunia.com/advisories/42052/
= Proftpd clamav support checks much improved
= waf module now supports SecReadStateLimit, and setting the SecEngine to "DetectionOnly"
= waf_module now generates the default waf config file: /etc/httpd/modsecurity.d/tortix_waf.conf
= waf_module now associates specific rules to the minimum version of mod_security required to support them. Environments that do not meet these requirements defined in the rule will not have the ruleset applied in an update.
= waf_module, rule updates will now roll back to the last known working copy if an update fails configtest
= Vulnerability report now sorts risks by importance.
= /etc/asl/disabled_signatures and /etc/asl/disabled_vhost_signatures have been deprecated. They are now replaced by /etc/asl/rules
= Performance improvements to the Application Inventory system.
= ASL database setup event now supports blank password fields.
= php_checks, add detection for PHP 5.3
= psa_checks, add the ability to disable the Plesk crontabmng (PSA_DISABLE_CRONTAB)
= database-setup will now detect skip-networking conditions that would break the HIDS connector
= Added an abbreviated CLI false positive reporting flag: -rfp
= Added EOL check for fedora 12
= All apache restart events default to "graceful"
= Rules are now purged from /etc/httpd/modsecurity.d/ on an update if they are named *asl*conf

- Bugfix #314, /etc/alternatives/mta-sendmail will now be linked to /etc/alternatives/mta if it does not exist
- Bugfix #385, App inventory can now handle directories with spaces
- Bugfix #405, removed duplicate instances of ASL_WEB_CONFIGURED
- Bugfix #406, remove all references to denyhosts
- Bugfix #453, OSSEC_SHUN_ENABLE_TIMEOUT is set to NO ossec will now restart properly
- Bugfix #457, enabling a rule no longer leaves blank lines and empty statements
- Bugfix #539, #577: Update /dev to support RTC on newer kernels
- Bugfix #XXX, this will properly evaluate an asl.lock file as numeric. If detected as non-numeric, it will assume it is stale and remove the lock.
- Bugfix #XXX, for adding client keys in "agent" mode.
- Bugfix #XXX, add graceful to the APACHE_RESTART options
- Bugfix #XXX, Retired kernel check, set firstboot to disable itself if something fails. This prevents reboot loops.

My compliments. I can just say "WOW!" It's amazing and a pleasure to see how fast you enhance ASL. I'm looking forward to the stable version and will try to test the RC on my virtual test server if I find enough time.

I feel like we've been working on this a lot longer than we really have. Looking back, the 3.0 branch was started on October 1 2010, and the first new code was checked in on the 7th. Was that really only 9 months?

A minor update, all we're working on now is obsessing over how a minor section of the dashboard should look.

psa_checks, add the ability to disable the Plesk crontabmng (PSA_DISABLE_CRONTAB)

This turns on/off the ability to manage the crontab through plesk.

Quote:

Does that mean ASL will finally stop complaining about safe mode being there, even though it's turned off?

What's new here is that it allows us to build security profiles around versions of php, so when function calls don't exist in a version the check would only apply where it does exist.

Quote:

Will this be a replacement for APF?

It's neutral toward replacing firewall front ends like apf, the goal was to create a library that could read and parse firewall rules so you can organize and manage them. Sure it can replace apf, and can also work alongside it. We didn't want to make something that forced you to redo all your rules.

Quote:

support for Cloudlinux 5

Mainly that it's now something supported officially, since pretty much any clone of EL5 is going to be compatible with ASL. LVE is not in our kernels yet because openvz isn't there (LVE requires openvz). We're heading that way though.
